struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Beal <>
Subject Re: Sample Code for Desclarative Security in Struts
Date Mon, 09 May 2005 15:42:49 GMT
Solution 1: I don't believe there has to be any correlation between
your web-resource-collections in your security-constraints and your
servlet-mappings in web.xml.  It seems to be perfectly valid to map
*.do to ActionServlet (a single servlet-mapping) and have /admin/*.do
and /user/*.do handled by two different security constraints.

Solution 2: You also have the option (since Struts 1.1) to declare
your security inside of struts-config.xml.  The roles attribute of the
action element lists the set of roles that you are allowing to access
a particular action.

-- Jeff

On 5/8/05, alec <> wrote:
> Would there be any sample code showing how to use declarative security in
> Struts?  I guess this would be a bit tricky as there is only 1 web resource
> to protect (ActionServlet)
> Appreciate any pointer.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message